TfL cyber attack: What you need to know
- Published
Transport for London (TfL) first noticed something awry with its cyber security on 1 September.
It later clarified that "certain customer data" had been accessed, including names, addresses, contact details and bank details.
The latest update is that "the situation is evolving".
But for how long? And what do we need to know until it is resolved?
How long is this going to go on?
The short answer is - we don't know.
TfL said this attack was "sophisticated" and "aggressive" and is ongoing.
The cost to it has been "several million pounds".
Tube and bus services carried on and were unaffected.
TfL engineers had to shut down some areas of operation such as jam cams, external, dial-a-ride, external bookings and concession cards applications.
This was to try to restrict access to the hackers.
What has been affected?
Live Tube arrival information is not available on some digital channels, including TfL Go and the TfL website.
Online journey history is unavailable.
TfL is:
Unable to process payments on the Oyster and contactless app. Payments can still be made on the website and in stations
Unable to register Oyster cards to customer accounts on the website or the Oyster and contactless app
Unable to issue refunds for incomplete pay-as-you-go journeys made using contactless
What do I do if my child’s Zip card is due to expire?
TfL will continue to accept Zip cards up to and including 31 October 2024.
Your child will need to show their expired photocard to staff at the start and end of their journey on TfL services, or as requested.
Bus drivers and staff on the Tube gates have been told to let children on if their Zip card has expired.
On the trains, TfL says you should buy an Oyster card and travel as usual and then claim back those journeys when things return to normal.
What do I do if I've lost my card or need to get a new card?
To replace a lost photocard, call TfL on 0343 222 1234 between 08:00-20:00 every day and select option 1.
Applications for new Oyster photocards, including Zip cards, have been temporarily suspended.
Continue making journeys as usual and keep a record of any fares paid, as TfL might be able to arrange a refund once the cyber security incident has been resolved and a card has been issued.
Freedom passes are administered separately by London councils and have not been affected by cyber attack.
- Published20 September
- Published2 September
- Published12 September
Have Transport for London staff been affected?
Some TfL staff were initially told to work from home and have been subject to ID checks.
There has been a full IT reset for all staff.
That has now been completed - but insiders say even printing something is difficult.
TfL says many staff have limited access to systems and, as a result, there will be delays in responding to any online inquiries.
What do I do if I can't access my contactless data?
TfL has asked customers to "bear with them for a little longer".
The systems will come back online eventually and you will be able to get refunds for your incomplete journeys - although at the moment there is no date for when this will happen.
TfL says it is restoring systems every day.
Have Tfl's projects been affected?
Yes they have.
A scheme to roll out contactless to stations outside London - called Project Oval - had been due to be in operation by the end of September but it has been delayed.
Other projects will have been hit with some delays.
TfL says the main priority is maintaining transport services.